Title: Verifying application security vulnerabilities
Abstract: Verifying application security vulnerabilities includes receiving a source code to analyze, performing a static analysis using the received source code and generating a vulnerability call trace for the received source code. Responsive to a determination that all static analysis results are not validated, mock objects are generated using the vulnerability call trace and a unit test is created using the generated mock objects. The unit test is executed using the generated mock objects and, responsive to a determination that an identified vulnerability was validated, a next static analysis result is selected. Responsive to a determination that all static analysis results are validated, results and computed unit tests are reported.
Publication number: US9160762 (B2)
Publication date: 2015.10.13
Application number: US201414574790
Filing date: 2014.12.18
Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION
Inventors: Brake Nevon C.; Ionescu Paul; Onut Iosif Viorel; Peyton, Jr. John T.; Smith Wayne Duncan
Classification: H04L29/06
Main classification: H04L29/06
Agent firm: Cuenot, Forsythe & Kim, LLC
Agent: Cuenot, Forsythe & Kim, LLC
Main claim: 1. A computer-implemented process for verifying application security vulnerabilities of a source code, comprising: generating, responsive to all static analysis results not being validated, mock objects using a vulnerability call trace for the source code; creating a unit test using the generated mock objects; executing the unit test using the generated mock objects to determine whether an identified vulnerability was validated; and selecting, responsive to a determination that the identified vulnerability was validated, a next static analysis result.
Address: Armonk NY US
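The following is an added illustration of the workflow described in the abstract and in claim 1 (static analysis result with a call trace, mock objects generated from that trace, a unit test built around them, the test executed, the next result selected, the whole set reported). It is example code written for this page, not IBM's implementation and not code from the patent. Everything in it is constructed: the two handler functions standing in for the "received source code", the hypothetical source/sink names, the static analysis results list, and the probe string the mock source injects.

```python
"""Constructed illustration: validate static-analysis findings by driving each
finding's call trace with mock objects inside a generated unit test."""
from unittest.mock import MagicMock

# --- constructed application code standing in for the "received source code" ---
def read_param(request, name):            # hypothetical taint source
    return request.args.get(name, "")

def build_query(user):                    # propagator with no sanitisation
    return "SELECT * FROM users WHERE name = '" + user + "'"

def escape(value):                        # sanitiser: doubles single quotes
    return value.replace("'", "''")

def execute_sql(db, query):               # hypothetical taint sink
    return db.execute(query)

def handler_unsafe(request, db):          # source -> sink with no sanitiser
    return execute_sql(db, build_query(read_param(request, "name")))

def handler_safe(request, db):            # same path, sanitiser in between
    return execute_sql(db, build_query(escape(read_param(request, "name"))))

# --- constructed static analysis results, each with a vulnerability call trace ---
# The trace lists the frames from source to sink; "entry" is the code to drive.
STATIC_RESULTS = [
    {"id": "SA-1", "entry": handler_unsafe,
     "trace": ["read_param", "build_query", "execute_sql"]},
    {"id": "SA-2", "entry": handler_safe,
     "trace": ["read_param", "escape", "build_query", "execute_sql"]},
]

# Constructed probe value: contains a quote so a sanitiser visibly changes it.
TAINT_MARKER = "TAINT'PROBE"


def generate_mocks(trace):
    """Generate mock objects from the call trace: a mock for the source frame
    (first element) that emits the probe, and a mock for the sink frame (last
    element) that records what reaches it."""
    request = MagicMock(name="mock_source[%s]" % trace[0])
    request.args.get.return_value = TAINT_MARKER
    db = MagicMock(name="mock_sink[%s]" % trace[-1])
    db.execute.return_value = None
    return request, db


def create_unit_test(result, request, db):
    """Create a unit test that drives the entry point with the mocks and
    reports whether the identified vulnerability is validated, i.e. the probe
    reached the sink without being neutralised."""
    def unit_test():
        result["entry"](request, db)
        db.execute.assert_called_once()
        (query,) = db.execute.call_args.args
        return TAINT_MARKER in query
    unit_test.__name__ = "test_%s" % result["id"].replace("-", "_")
    return unit_test


def verify_all(results):
    """Loop over static analysis results until all are processed; for each,
    generate mocks, create and execute the unit test, then move to the next.
    Returns the report: finding id -> validated (True/False)."""
    report = {}
    for result in results:
        request, db = generate_mocks(result["trace"])
        test = create_unit_test(result, request, db)
        report[result["id"]] = test()
    return report


if __name__ == "__main__":
    for finding, validated in verify_all(STATIC_RESULTS).items():
        print(finding, "validated" if validated else "not validated")
```

SA-1 is validated because the probe arrives at the mock sink unchanged; SA-2 is not, because the sanitiser in its trace rewrites the probe before it reaches the sink. A real implementation would derive the mocked interfaces from the analyser's trace frames rather than from hard-coded parameter positions, but the validation criterion (the tainted value observed at the sink by a test executed against mocks) is the one the abstract describes.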